Thread: not necessarily a bug...

not necessarily a bug...

From
Theodore Petrosky
Date:
recently I was playing around with psql and tried to
log onto a postgresql server so I tried...

psql -h 10.0.1.233 dbname

and to my suprise, i was in and able to issue
commands. what is 'bothering' me is that I was not
asked for a password. in defence of the system, I was
on a mac os x box logged in as 'postgres' so my
current name was postgres.

is this correct behaviour? I was expecting to be
challenged.

Ted

__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster
http://search.yahoo.com

Re: not necessarily a bug...

From
"Alex J. Avriette"
Date:
On Tue, Mar 09, 2004 at 02:17:23PM -0800, Theodore Petrosky wrote:

> and to my suprise, i was in and able to issue
> commands. what is 'bothering' me is that I was not
> asked for a password. in defence of the system, I was
> on a mac os x box logged in as 'postgres' so my
> current name was postgres.
>
> is this correct behaviour? I was expecting to be
> challenged.

Documentation is your friend, Ted. You need to read the pg_hba.conf
file in your PG_DATA directory, and the documentation which came with
the postgres distribution. Additionally, this really isn't a question
for hackers@.

Alex

--
alex@posixnap.net
Alex J. Avriette, Unix Systems Gladiator
The Emperor Wears No Clothes.
http://www.drugsense.org/wodclock.htm

Re: not necessarily a bug...

From
"Alex J. Avriette"
Date:
On Tue, Mar 09, 2004 at 07:33:31PM -0500, Alex J. Avriette wrote:

> the postgres distribution. Additionally, this really isn't a question
> for hackers@.

Meep, my apologies, this wasn't sent to hackers@.

--
alex@posixnap.net
Alex J. Avriette, Solaris Systems Masseur
"I ... remain against the death penalty because I feel that eternal boredom with no hope of parole is a much worse
punishmentthan just ending it all mercifully with that quiet needle." - Rachel Mills, NC Libertarian Gubernatorial
Candidate

Re: not necessarily a bug...

From
Tom Lane
Date:
Theodore Petrosky <tedpet5@yahoo.com> writes:
> recently I was playing around with psql and tried to
> log onto a postgresql server so I tried...

> psql -h 10.0.1.233 dbname

> and to my suprise, i was in and able to issue
> commands. what is 'bothering' me is that I was not
> asked for a password.

So what have you got in pg_hba.conf?  Evidently you've selected an
authentication method that's not password-based.

            regards, tom lane

Re: not necessarily a bug...

From
Richard Huxton
Date:
On Tuesday 09 March 2004 22:17, Theodore Petrosky wrote:
> recently I was playing around with psql and tried to
> log onto a postgresql server so I tried...
>
> psql -h 10.0.1.233 dbname

> is this correct behaviour? I was expecting to be
> challenged.

Host-based access is controlled via the pg_hba.conf file. Check the settings
there, and let us know if you still think there is a problem.

--
  Richard Huxton
  Archonet Ltd